Scheduled System Maintenance:
On Wednesday, July 29th, IEEE Xplore will undergo scheduled maintenance from 7:00-9:00 AM ET (11:00-13:00 UTC). During this time there may be intermittent impact on performance. We apologize for any inconvenience.
By Topic

Fine-Grained Refinement on TPM-Based Protocol Applications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

7 Author(s)
Wenchao Huang ; Sch. of Comput. Sci. & Technol., Univ. of Sci. & Technol. of China, Hefei, China ; Yan Xiong ; Xingfu Wang ; Fuyou Miao
more authors

Trusted Platform Module (TPM) is a coprocessor for detecting platform integrity and attesting the integrity to the remote entity. There are two obstacles in the application of TPM: minimizing trusted computing base (TCB) for reducing risk of flaws in TCB, for which a number of convincing solutions have been developed; formal guarantees on each level of TCB, where the formal methods on analyzing the application level have not been well addressed. To the best of our knowledge, there is no general formal framework for developing the TPM-based protocol applications, which not only guarantees the security but also makes it easier for design. In this paper, we make fine-grained refinement on TPM-based security protocols to illustrate our formal solution on the application level by using the Event-B language. First, we modify the classical Dolev-Yao attacker model, which assumes normal entity's compliance with the protocol even without TPM's protection. Thus, the classical security protocols are vulnerable in this modified attacker model. Second, we make stepwise refinement of the security protocol by refining the protocol events and adding security constraints. From the fifth refinement, we make a case study to illustrate the entire refinement and further formally prove the key agreement protocol from DAAODV, the TPM-based routing protocol, under the extended Dolev-Yao attacker model. The refinement provides another way of formal modeling the TPM-based security protocols and a more fine-grained model to satisfy with the rigorous security requirement of applying TPM. Finally, we prove all the proof obligations generated by Rodin, an Eclipse-based IDE for Event-B, to ensure the soundness of our proposal.

Published in:

Information Forensics and Security, IEEE Transactions on  (Volume:8 ,  Issue: 6 )